Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2022-23093

Summary
Assigner-freebsd
Assigner Org ID-63664ac6-956c-4cba-a5d0-f46076e16109
Published At-15 Feb, 2024 | 05:18
Updated At-28 Oct, 2024 | 18:30
Rejected At-
Credits

Stack overflow in ping(8)

ping reads raw IP packets from the network to process responses in the pr_pack() function. As part of processing a response ping has to reconstruct the IP header, the ICMP header and if present a "quoted packet," which represents the packet that generated an ICMP error. The quoted packet again has an IP header and an ICMP header. The pr_pack() copies received IP and ICMP headers into stack buffers for further processing. In so doing, it fails to take into account the possible presence of IP option headers following the IP header in either the response or the quoted packet. When IP options are present, pr_pack() overflows the destination buffer by up to 40 bytes. The memory safety bugs described above can be triggered by a remote host, causing the ping program to crash. The ping process runs in a capability mode sandbox on all affected versions of FreeBSD and is thus very constrained in how it can interact with the rest of the system at the point where the bug can occur.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:freebsd
Assigner Org ID:63664ac6-956c-4cba-a5d0-f46076e16109
Published At:15 Feb, 2024 | 05:18
Updated At:28 Oct, 2024 | 18:30
Rejected At:
▼CVE Numbering Authority (CNA)
Stack overflow in ping(8)

ping reads raw IP packets from the network to process responses in the pr_pack() function. As part of processing a response ping has to reconstruct the IP header, the ICMP header and if present a "quoted packet," which represents the packet that generated an ICMP error. The quoted packet again has an IP header and an ICMP header. The pr_pack() copies received IP and ICMP headers into stack buffers for further processing. In so doing, it fails to take into account the possible presence of IP option headers following the IP header in either the response or the quoted packet. When IP options are present, pr_pack() overflows the destination buffer by up to 40 bytes. The memory safety bugs described above can be triggered by a remote host, causing the ping program to crash. The ping process runs in a capability mode sandbox on all affected versions of FreeBSD and is thus very constrained in how it can interact with the rest of the system at the point where the bug can occur.

Affected Products
Vendor
FreeBSD FoundationFreeBSD
Product
FreeBSD
Modules
  • ping
Default Status
unknown
Versions
Affected
  • From 13.1-RELEASE before p5 (release)
  • From 12.4-RC2 before p2 (release)
  • From 12.3-RELEASE before p10 (release)
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
finder
NetApp, Inc.
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://security.freebsd.org/advisories/FreeBSD-SA-22:15.ping.asc
vendor-advisory
Hyperlink: https://security.freebsd.org/advisories/FreeBSD-SA-22:15.ping.asc
Resource:
vendor-advisory
▼Authorized Data Publishers (ADP)
1. CISA ADP Vulnrichment
Affected Products
Problem Types
TypeCWE IDDescription
CWECWE-120CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Type: CWE
CWE ID: CWE-120
Description: CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Metrics
VersionBase scoreBase severityVector
3.16.5MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Version: 3.1
Base score: 6.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
2. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://security.freebsd.org/advisories/FreeBSD-SA-22:15.ping.asc
vendor-advisory
x_transferred
Hyperlink: https://security.freebsd.org/advisories/FreeBSD-SA-22:15.ping.asc
Resource:
vendor-advisory
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:secteam@freebsd.org
Published At:15 Feb, 2024 | 06:15
Updated At:04 Jun, 2025 | 22:15

ping reads raw IP packets from the network to process responses in the pr_pack() function. As part of processing a response ping has to reconstruct the IP header, the ICMP header and if present a "quoted packet," which represents the packet that generated an ICMP error. The quoted packet again has an IP header and an ICMP header. The pr_pack() copies received IP and ICMP headers into stack buffers for further processing. In so doing, it fails to take into account the possible presence of IP option headers following the IP header in either the response or the quoted packet. When IP options are present, pr_pack() overflows the destination buffer by up to 40 bytes. The memory safety bugs described above can be triggered by a remote host, causing the ping program to crash. The ping process runs in a capability mode sandbox on all affected versions of FreeBSD and is thus very constrained in how it can interact with the rest of the system at the point where the bug can occur.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.16.5MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Type: Secondary
Version: 3.1
Base score: 6.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CPE Matches
FreeBSD Foundation
freebsd
>>freebsd>>12.3
cpe:2.3:o:freebsd:freebsd:12.3:beta1:*:*:*:*:*:*
FreeBSD Foundation
freebsd
>>freebsd>>12.3
cpe:2.3:o:freebsd:freebsd:12.3:p1:*:*:*:*:*:*
FreeBSD Foundation
freebsd
>>freebsd>>12.3
cpe:2.3:o:freebsd:freebsd:12.3:p2:*:*:*:*:*:*
FreeBSD Foundation
freebsd
>>freebsd>>12.3
cpe:2.3:o:freebsd:freebsd:12.3:p3:*:*:*:*:*:*
FreeBSD Foundation
freebsd
>>freebsd>>12.3
cpe:2.3:o:freebsd:freebsd:12.3:p4:*:*:*:*:*:*
FreeBSD Foundation
freebsd
>>freebsd>>12.3
cpe:2.3:o:freebsd:freebsd:12.3:p5:*:*:*:*:*:*
FreeBSD Foundation
freebsd
>>freebsd>>12.3
cpe:2.3:o:freebsd:freebsd:12.3:p6:*:*:*:*:*:*
FreeBSD Foundation
freebsd
>>freebsd>>12.3
cpe:2.3:o:freebsd:freebsd:12.3:p7:*:*:*:*:*:*
FreeBSD Foundation
freebsd
>>freebsd>>12.3
cpe:2.3:o:freebsd:freebsd:12.3:p8:*:*:*:*:*:*
FreeBSD Foundation
freebsd
>>freebsd>>12.3
cpe:2.3:o:freebsd:freebsd:12.3:p9:*:*:*:*:*:*
FreeBSD Foundation
freebsd
>>freebsd>>12.4
cpe:2.3:o:freebsd:freebsd:12.4:rc2-p1:*:*:*:*:*:*
FreeBSD Foundation
freebsd
>>freebsd>>13.1
cpe:2.3:o:freebsd:freebsd:13.1:b1-p1:*:*:*:*:*:*
FreeBSD Foundation
freebsd
>>freebsd>>13.1
cpe:2.3:o:freebsd:freebsd:13.1:b2-p2:*:*:*:*:*:*
FreeBSD Foundation
freebsd
>>freebsd>>13.1
cpe:2.3:o:freebsd:freebsd:13.1:p1:*:*:*:*:*:*
FreeBSD Foundation
freebsd
>>freebsd>>13.1
cpe:2.3:o:freebsd:freebsd:13.1:p2:*:*:*:*:*:*
FreeBSD Foundation
freebsd
>>freebsd>>13.1
cpe:2.3:o:freebsd:freebsd:13.1:p3:*:*:*:*:*:*
FreeBSD Foundation
freebsd
>>freebsd>>13.1
cpe:2.3:o:freebsd:freebsd:13.1:p4:*:*:*:*:*:*
FreeBSD Foundation
freebsd
>>freebsd>>13.1
cpe:2.3:o:freebsd:freebsd:13.1:rc1-p1:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-120Secondary134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE ID: CWE-120
Type: Secondary
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://security.freebsd.org/advisories/FreeBSD-SA-22:15.ping.ascsecteam@freebsd.org
Vendor Advisory
https://security.freebsd.org/advisories/FreeBSD-SA-22:15.ping.ascaf854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Hyperlink: https://security.freebsd.org/advisories/FreeBSD-SA-22:15.ping.asc
Source: secteam@freebsd.org
Resource:
Vendor Advisory
Hyperlink: https://security.freebsd.org/advisories/FreeBSD-SA-22:15.ping.asc
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

56Records found
CVE-2022-39067
Matching Score-4
Assigner-ZTE Corporation
ShareView Details
Matching Score-4
Assigner-ZTE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.25% / 48.55%
||
7 Day CHG~0.00%
Published-22 Nov, 2022 | 00:00
Updated-29 Apr, 2025 | 05:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is a buffer overflow vulnerability in ZTE MF286R. Due to lack of input validation on parameters of the wifi interface, an authenticated attacker could use the vulnerability to perform a denial of service attack.

Action-Not Available
Vendor-n/aZTE Corporation
Product-mf286r_firmwaremf286rMF286R
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2015-5745
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-6.5||MEDIUM
EPSS-1.92% / 82.59%
||
7 Day CHG+0.45%
Published-23 Jan, 2020 | 19:35
Updated-06 Aug, 2024 | 06:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in the send_control_msg function in hw/char/virtio-serial-bus.c in QEMU before 2.4.0 allows guest users to cause a denial of service (QEMU process crash) via a crafted virtio control message.

Action-Not Available
Vendor-Fedora ProjectQEMUArista Networks, Inc.
Product-fedoraqemueosQEMU
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2020-6999
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-6.5||MEDIUM
EPSS-0.29% / 51.97%
||
7 Day CHG~0.00%
Published-26 Mar, 2020 | 12:06
Updated-04 Aug, 2024 | 09:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Moxa EDS-G516E Series firmware, Version 5.2 or lower, some of the parameters in the setting pages do not ensure text is the correct size for its buffer.

Action-Not Available
Vendor-n/aMoxa Inc.
Product-mds-g516emds-g516e_firmwareMoxa EDS-G516E Series firmware, Version 5.2 or lower
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2020-5136
Matching Score-4
Assigner-SonicWall, Inc.
ShareView Details
Matching Score-4
Assigner-SonicWall, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.33% / 55.56%
||
7 Day CHG~0.00%
Published-12 Oct, 2020 | 10:40
Updated-04 Aug, 2024 | 08:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A buffer overflow vulnerability in SonicOS allows an authenticated attacker to cause Denial of Service (DoS) in the SSL-VPN and virtual assist portal, which leads to a firewall crash. This vulnerability affected SonicOS Gen 5 version 5.9.1.7, 5.9.1.13, Gen 6 version 6.5.4.7, 6.5.1.12, 6.0.5.3, SonicOSv 6.5.4.v and Gen 7 version 7.0.0.0.

Action-Not Available
Vendor-SonicWall Inc.
Product-sonicossonicosvSonicOS
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2024-33771
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.48% / 64.05%
||
7 Day CHG~0.00%
Published-10 May, 2024 | 14:41
Updated-21 May, 2025 | 14:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A buffer overflow vulnerability in /bin/boa on D-Link DIR-619L Rev.B 2.06B1 via goform/formWPS, allows remote authenticated users to trigger a denial of service (DoS) through the parameter "webpage."

Action-Not Available
Vendor-n/aD-Link Corporation
Product-dir-619l_firmwaredir-619ln/adir-619l_firmware
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2024-33809
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.19% / 40.83%
||
7 Day CHG~0.00%
Published-24 May, 2024 | 14:53
Updated-10 Jun, 2025 | 18:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PingCAP TiDB v7.5.1 was discovered to contain a buffer overflow vulnerability, which could lead to database crashes and denial of service attacks.

Action-Not Available
Vendor-pingcapn/a
Product-tidbn/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
  • Previous
  • 1
  • 2
  • Next
Details not found